CVE-2026-0142

In iavbparsekeydata of avbrsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0142

CVE-2026-0142 affects the AVB component (iavb_parse_key_data in avb_rsa.c). The root cause is an out-of-bounds read due to improper input validation, leading to local information disclosure without extra privileges or user interaction. Connected documents confirm the same description across multi...

CVE-2026-47223

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

CVE-2026-47222

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...

EUVD-2026-36508

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

CVE-2026-47222

NanaZip (derivative of 7-Zip) contains a heap out-of-bounds read in the AVB vbmeta image parser (via AvbHandler) affecting versions 3.0.1000.0 through before 6.0.1698.0. An unsigned integer underflow in a bounds check lets attacker-controlled value_num_bytes pass validation, causing AddNameToStri...

CVE-2026-47222 NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

CVE-2026-8398

The CVE-2026-8398 entry concerns a supply-chain compromise of DAEMON Tools Lite Windows installers (versions 12.5.0.2421–12.5.0.2434) distributed via daemon-tools.cc. Attackers allegedly gained access to AVB Disc Soft’s build/distribution infrastructure and trojanized three binaries—DTHelper.exe,...

qualcomm_avb_exploit_poc

qualcommavbexploitpoc PoC for a Qualcomm ABL bootloader un...

PT-2026-41279

Name of the Vulnerable Software and Affected Versions DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434 Description A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers...

EUVD-2020-28922

Malware in sbrugna...

EUVD-2019-2296

Malware in sbrugna...

CVE-2020-8009

AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file...

USN-7185-2 linux-azure, linux-azure-4.15 vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-36402 Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in th...

USN-7183-1 linux, linux-lts-xenial vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-7185-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7185-1 advisory. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local...

Ubuntu: Security Advisory (USN-6652-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6652-1: Linux kernel (Azure) vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6652-1 linux-azure vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...